Vulnerability Details : CVE-2010-0600
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
Exploit prediction scoring system (EPSS) score for CVE-2010-0600
Probability of exploitation activity in the next 30 days: 1.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0600
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-0600
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0600
-
http://www.kb.cert.org/vuls/id/757804
VU#757804 - Cisco Network Building Mediator products contain multiple vulnerabilitiesUS Government Resource
-
http://www.securityfocus.com/bid/40384
Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability
-
http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf
404 - File Not Found | CISA
-
http://securitytracker.com/id?1024027
Cisco Network Building Mediator Lets Remote Users Login and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml
Multiple Vulnerabilities in Cisco Network Building Mediator - CiscoPatch;Vendor Advisory
Products affected by CVE-2010-0600
- cpe:2.3:a:cisco:mediator_framework:2.2:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500
- cpe:2.3:a:cisco:mediator_framework:3.0.8:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500
- cpe:2.3:a:cisco:mediator_framework:1.5.1:*:*:*:*:*:*:*When used together with: Cisco » Network Building Mediator Nbm-2400When used together with: Cisco » Network Building Mediator Nbm-4800When used together with: Cisco » Richards-zeta Mediator 2500